Description
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Published: 2026-03-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: Yes
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability arises from an inappropriate implementation in V8 of Google Chrome, allowing a remote attacker to execute arbitrary code inside the browser sandbox via a crafted HTML page. This leads to a potential escape from the sandbox to the host system, giving the attacker control over the victim’s machine. The weakness is identified as both CWE-119 (Buffer Overflow) and CWE-94 (Code Injection), underscoring the severity of memory management and code execution flaws.

Affected Systems

Google Chrome browsers prior to version 146.0.7680.75 are affected. The issue is vendor-wide and applies to all operating systems that run Chrome, as indicated by the CPE strings for Windows, macOS, and Linux.

Risk and Exploitability

The CVSS score of 8.8 classifies the vulnerability as High severity. An EPSS score of 23% indicates a moderate probability of exploitation. The vulnerability is listed in the CISA KEV catalog, confirming that it has been used in the wild. While the description does not explicitly state the attack vector, it is inferred that the exploitation requires a user to open a maliciously crafted HTML page in an affected Chrome instance. Once accessed, the attacker can run arbitrary code within the sandbox context, potentially compromising system integrity.

Generated by OpenCVE AI on March 18, 2026 at 15:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 146.0.7680.75 or later.

Advisories
Source ID Title
Debian DSA DSA-6165-1 chromium security update
History

Fri, 13 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
Weaknesses CWE-94
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Fri, 13 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 13 Mar 2026 17:00:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-03-13T00:00:00+00:00', 'dueDate': '2026-03-27T00:00:00+00:00'}


Fri, 13 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Fri, 13 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Title chromium-browser: Inappropriate implementation in V8
References
Metrics threat_severity

None

threat_severity

Important


Fri, 13 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 12 Mar 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 12 Mar 2026 21:45:00 +0000

Type Values Removed Values Added
Description Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-03-14T03:55:26.662Z

Reserved: 2026-03-11T00:54:21.991Z

Link: CVE-2026-3910

Vulnrichment

Updated: 2026-03-12T22:08:41.096Z

NVD

Status: Analyzed

Published: 2026-03-13T19:55:11.363

Modified: 2026-03-13T22:00:01.403

Link: CVE-2026-3910

Redhat

Severity: Important

Public Date: 2026-03-12T00:00:00Z

Links: CVE-2026-3910 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-23T10:00:07Z

Weaknesses